Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

January 9, 2015

The AMS Must Justify Its Support of the NSA

Posted by Tom Leinster

That’s the title of a letter I’ve just had published in the Notices of the AMS (Feb 2015, out yesterday). Text follows. There’s also a related letter from Daniel Stroock of MIT.

Plus, there’s an article by the NSA’s director of research, Michael Wertheimer. I have a few points to make about that — read on.

Here’s my letter, together with links to supporting evidence:

The AMS must justify its support of the NSA

Roger Schlafly (letters, November 2014) accuses mathematicians of an “overwrought” and “over-excited” response to the recently-revealed activities of the National Security Agency (NSA). So, let us look at some cold facts. In 2011, the NSA explicitly stated its goal of universal surveillance, describing its “posture” as “collect it all”, “know it all”, “exploit it all”. The same year, the NSA’s close British partner GCHQ said it was intercepting over 50 billion communication events per day. In 2012, a single NSA program celebrated its trillionth metadata record.

On encryption: the NSA’s 2013 budget request sought funds to “Insert vulnerabilities into commercial encryption systems”. The NSA described its secret program Sentry Raven as “work[ing] with specific US commercial entities … to modify US manufactured encryption systems to make them exploitable for SIGINT [signals intelligence]”. The aim is clear: that no two human beings shall be able to communicate digitally without the NSA being able to listen.

Schlafly is, at least, correct in noting that outrage at the intelligence agencies’ abuse of surveillance powers is nothing new: from the FBI’s bugging of Martin Luther King and subsequent attempt to blackmail him into suicide, to the 2011 extrajudicial killing of an American child by CIA drone strike (a program to which the NSA supplies surveillance data). He is justified in worrying about the data held by Google, Facebook, etc., but he writes as if concern over that and state surveillance were mutually exclusive, which of course they are not; and much of that data is harvested by the NSA’s PRISM program anyway.

Further, his comparison with 1970s technology distracts from the awesome invasive power of today’s internet. As the NSA’s former general counsel Stewart Baker said, “metadata absolutely tells you everything about somebody’s life”. Former NSA director Michael Hayden agreed, adding “we kill people based on metadata”.

By collaborating with the NSA, the AMS sends a strong political message: that it is proud to support the NSA’s work and welcomes it into the mathematical community. It is just as surely a political position as withdrawing cooperation would be. Many members are vigorously opposed to much of what the NSA does; indeed, when the Notices set out to organize the series “Mathematicians discuss the Snowden revelations”, its editors could not find anyone to write in the NSA’s defense. (And when they finally did, it was a longtime NSA employee.)

How does the AMS leadership justify its continued cooperation with the NSA? Is it certain it has the backing of the membership? And what exactly would the NSA have to do in order for the AMS to declare “Enough: this partnership brings mathematicians into disrepute”?

Tom Leinster, University of Edinburgh

Now some brief points in response to the article by Michael Wertheimer, NSA’s director of research:

  • Wertheimer writes for a full three pages, mostly about the cryptographic algorithm known as the Dual Elliptic Curve pseudorandom number generator, which many experts believe contain a back door or trapdoor inserted by the NSA. He does everything to make the NSA’s behaviour sound reasonable.

    However, one thing he does not do, anywhere in this long defence, is deny that the NSA did insert a back door. Why not?

  • Wertheimer says the NSA is “committed to the important work of [industrial standards] groups in producing secure cryptographic standards that protect global communications” and speaks of the “work NSA has done to promote secure standards”. Maybe so, but the NSA’s own internal documents state explicitly that they are also committed to undermining the security of encryption systems.

  • He denies that the NSA has an “agenda to ‘undermine Internet encryption’”. But multiple public statements by leading figures in the NSA and allied intelligence agencies make totally explicit their opposition to effective internet encryption. In the last few months alone, we’ve heard this from the head of the FBI (“encryption threatens to lead us all to a very, very dark place”), the NSA’s former head lawyer, and the head of GCHQ. Going back further, in the 1990s “crypto wars”, the NSA and FBI tried to persuade the Clinton government to adopt the Clipper chip, an encryption device with a back door purposely built in. (Ross Anderson’s fabulously readable book Security Engineering, free online, has an account of this in section 24.3.9.)

  • Like many of these articles by mathematicians employed by the intelligence agencies, it very politely suggests that none of the rest of us know what we’re talking about: “I further hope that dialogue on important issues will always be … informed”. Doubtless Wertheimer knows much about the NSA that we do not. It’s a secret agency; that’s inevitable. And yet like all of these articles, it does not engage with one single fact that we have learned from by far the largest body of publicly-available documentation on recent NSA activities: the Snowden archive.

    Mathematicians like facts. NSA and GCHQ mathematicians who do not engage with the known facts are unlikely to be found convincing.

  • Wertheimer finishes by fondly recalling the “warm embrace” the NSA gave him as a student, and by noting the extent to which the NSA has woven itself into American mathematical culture: “Our research mathematicians serve on editorial boards, publish papers, teach at universities, and contribute time and energy to the AMS”. He portrays himself and his colleagues as decent human beings, acting “quietly and honorably”.

    I have little doubt that many NSA/GCHQ mathematicians do regard themselves that way (although I also know that some were uncomfortable enough with what the agencies were doing that they quit, even pre-Snowden). But as I wrote here and here, you can’t place much weight on people’s positive self-regard. (Mark Meckes very pertinently mentioned the Milgram experiments.) Almost everyone has a need to view their own actions as noble and right, even if this is obviously contradicted by the evidence. The fact that a group of people regard themselves positively means almost nothing. It’s their actions that matter.

Posted at January 9, 2015 7:11 AM UTC

TrackBack URL for this Entry:

20 Comments & 0 Trackbacks

Re: The AMS Must Justify Its Support of the NSA

It’s easy to answer why the AMS supports the NSA. Many of its most influential members are corrupted by their direct and indirect ties to the state security apparatus in the USA. As an undergraduate at Harvard a substantial number of my classmates took summer jobs in the NSA. When later those same people win Fields Medals and other prizes and gain considerable influence, those summer jobs are well compensated for their old employer. It’s no accident that the IDA is in Princeton. Let’s stop being nice and pretending that no one’s hands are bloody.

Posted by: Anonymous on January 9, 2015 3:40 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

In case anyone else is wondering, the IDA is presumably the Institute for Defense Analyses, which I hadn’t heard of. Wikipedia says it

is an American non-profit corporation that administers three federally funded research and development centers […] to assist the United States government in addressing national security issues, particularly those requiring scientific and technical expertise.

It is also says that its headquarters are in Alexandria, Virginia, not Princeton, New Jersey. But apparently it also has premises in Princeton.

Let’s stop being nice and pretending that no one’s hands are bloody.

I certainly wasn’t being nice or pretending anything. In fact, I’m not quite sure what you’re saying. Can you explain what you mean by “those summer jobs are well compensated for their old employer”? Thanks.

Posted by: Tom Leinster on January 9, 2015 3:56 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

The famous article “Minimal varieties in riemannian manifolds” of J. Simons, is signed (at the very end) “Institute for Defense Analyses, Princeton”. Other similar examples are not hard to come by.

Posted by: Anonymous on January 23, 2015 8:53 AM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Those who have summer employment at the NSA are likely to be friends to the agency later on in their careers. This surely, more than the direct benefit provided by undergraduate researchers, is why they make such summer hires. Certainly a Fields medalist who worked a summer job at the NSA is useful to them in a political sense. To put it more concretely, if the governing board of the AMS has on it a few with ties to the NSA, then the NSA has an easier time getting what it wants in the mathematical community. What it wants includes a supply of competent mathematicians and the rest to turn a blind eye to what they do.

Posted by: anonymous on January 30, 2015 5:33 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

I think that’s a very good point. It’s a powerful argument for not cooperating with the NSA even when they’re engaged in what one might naively call “innocent” activities, such as funding mathematics that is of no direct use to them.

Posted by: Tom Leinster on February 3, 2015 11:40 AM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Let’s put it this way: what percentage of Harvard undergrads who later do a PhD in math spent a summer at the NSA? I doubt numbers are easy to come by, but, anecdotally, they aren’t negligible. While I try here to avoid personal details, for an example it can be checked in the public record that the NSA’s current director of compliance was a math&physics major at Harvard, or, on the CV of a recent Fields medalist (a thoroughly nice person) one can find “National Security Agency, Summer 19XX” listed under “Research Positions”. This stuff is deeply entrenched at places like Harvard and Princeton, so much so that it seems normal, and people, in particular young students, enter into it because it seems like something fun and interesting, and a bit of money. It’s probably a mistake to hold them accountable for what at worst is probably naivete. After all, not everyone grew up with counterculture parents and a steady dose of skepticism about the establishment; some folks grew up in flag waving military families. This is exactly why it’s so insidious. Intelligent people perhaps lacking in social/political skepticism (but one learns these, mainly by failure and frustration, and the future math star studying at Harvard hasn’t often experienced those) see working with the NSA as a challenge and an opportunity, even a service to their country, and enter in remunerated relations with it (and similar entities). Later their relationships compromise their objectivity. They know too many decent smart people working there to believe that the organization is anything like its critics say. And they know enough from the inside to easily overcome the critiques.

For me the issue is to raise consciousness of what entities like the NSA really do, and why it is problematic, with the goal of reducing the tendency of well-meaning, moral people to join and support them. A separate issue is whether the broad base of the AMS supports the AMS cooperation with the NSA. I suppose no, but I doubt it is clear cut, and imagine that there are many AMS members who do support such cooperation, although I am not one of them.

Posted by: anonymous on February 3, 2015 2:51 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

anonymous wisely wrote:

those who have summer employment at the NSA are likely to be friends to the agency later on in their careers. This surely, more than the direct benefit provided by undergraduate researchers, is why they make such summer hires.

An NSA internal document (page 4) confirms anonymous’s assertion in the most precise way:

The Director’s Summer Program (DSP) is the agency’s premier summer program for mathematics undergraduates. Since its inception in 1990, the mission of the DSP has not been simply recruitment, (though a small but steady percentage of DSP participants do come back to work at the NSA, often after obtaining an advanced degree), but rather an outreach effort aimed at attracting the best mathematics students from around the country, educating them about mathematics at NSA, and thus establishing ties with the future leaders of the outside mathematics community.

Most readers here probably know people who’ve been on this program. Do we think they’re more inclined to give the NSA the benefit of the doubt? If so, it’s working.

Posted by: Tom Leinster on July 3, 2015 8:36 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

The Institute for Defense Analysis has a branch called Center for Communications Research - Princeton. Their website says we hire Ph.D. mathematicians who are US citizens and can get a “high level of security clearance”. They work on cryptology:

Cryptology, as a field of applied mathematics, is remarkable for the range of abstract mathematics which finds striking application. As might be expected, algebra, number theory, combinatorics and statistics play a major role, but topology, algebraic geometry and harmonic analysis have been the source of unexpected and critical contributions. One has an extraordinary opportunity to see an abstract theory turned into an effective tool solving real problems. On the one hand, this provides a deep understanding of the theory and its ramifications; and on the other, provides the exhilaration of solving problems of immediate and substantial importance.

As an undergraduate at Princeton I took a course on knot theory from Lee Neuwirth, a mathematican on the faculty who was also for a time the deputy director of the communications research division of the Institute for Defense Analysis.

Later I took classes with Gian-Carlo Rota at MIT, who spent summers working at Los Alamos. When another student asked what he did there, he laughed and said “If I told you, you wouldn’t like me.”

Posted by: John Baez on January 17, 2015 1:28 AM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Der Spiegel has an article showing that the NSA can break many protocols (skype, VPN, HTTPS, sometimes SSH, …). Also, “the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable” is labeled as Top Secret by the NSA.

Posted by: Bas on January 10, 2015 8:39 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA


The aim is clear: that no two human beings shall be able to communicate digitally without the NSA being able to listen.

David Cameron today:

In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications … The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.

When I wrote that sentence, it was with both conviction and evidence. Nevertheless, I suspected that some people reading it would find it melodramatic — a piece of hyperbole, ascribing inaccurately extreme motives to the intelligence agencies.

What I wasn’t expecting was for the prime minister of Great Britain to come out and say it openly.

Posted by: Tom Leinster on January 12, 2015 10:59 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Tom, you beat me too it. The EFF has an intelligent piece on how more surveillance will in fact limit our possibilities for free speech. A recent survey shows that many writers feel restricted by it.

Posted by: Bas Spitters on January 13, 2015 12:21 AM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Yeah, the Prime Minister’s comment is pretty stunning, isn’t it?

I do wonder though, what sort of law does he have in mind, if any? He is quoted as wanting to ban encrypted messaging or encryption itself. That sounds to me like complete nonsense, practically speaking. Does he want to go after the software makers and force them to insert backdoors or else..? Well he might be able to succeed with one or two but there are far too many free open source methods to do encrypted messaging/email and these are being constantly vetted. Besides, even the most draconian law targeting software companies will at best succeed in driving their legal presence outside the UK, and people will still be able download their products. Does he think he can block sites from where people can download software? Good luck with that! Website blocking is trivial to circumvent using proxies, not to mention that there will likely be plenty of other sites and mirrors that would prop up immediately if he were to pull such a trick on one website. Nor is it practical in Britain to make ISPs block/drop encrypted traffic, as that would mean saying goodbye to everything from gmail to e-commerce. Does he want to go after the vast user base instead, and make a law criminalizing possession of unapproved encryption code or private keys? That sounds to me as extremely far-fetched, though the way Britain is headed I cannot put anything past them.

So does anyone have any idea what the Prime Minister means? Because despite my horror at the sentiment expressed, I cannot think of any realistic way this can be enforced. Is Cameron just completely ignorant of how the internet works, or is he just blowing hot air?

Posted by: Abhishek on January 14, 2015 7:55 AM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

My guess is the former: he’s completely ignorant of how the internet works. The analysis seems to suggest that this is a rare gaffe for Cameron and that the government will back away from this as soon as someone points out that it’s unworkable (admittedly those are from the Guardian, which is never looking to give Cameron an easy ride).

Something nice from the BBC’s article on this:

“Encryption is mathematics, not technology. It can’t be suppressed by law,” Mr Bloch told the BBC.

I feel like a revolutionary, no government can keep mathematics down!

Posted by: Tom Harris on January 14, 2015 10:59 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

I think the answer to Abhishek’s final question is “both”: he’s both technically ignorant and blowing hot air — more specifically, the type of hot air that gets blown four months before a general election.

Cory Doctorow also has a systematic take-down of just how absurd and unworkable Cameron’s suggestion is.

“Encryption is mathematics, not technology. It can’t be suppressed by law,” Mr Bloch told the BBC.

Glamorous as this may make us feel, I’m not sure I agree. Encryption is surely both mathematics and technology. In order for an encryption method to be worth your trust, it needs to be sound both mathematically and technologically.

As far as we know, most of the intelligence agencies’ success in defeating encryption has been by technological means. E.g. GCHQ’s hack of Belgacom (Belgium’s largest telecoms provider, which serves various EU institutions and is an important international hub) apparently worked like this:

When communications are sent across networks in encrypted format, it makes it much harder for the spies to intercept and make sense of emails, phone calls, text messages, internet chats, and browsing sessions. For GCHQ, there was a simple solution. The agency decided that, where possible, it would find ways to hack into communication networks to grab traffic before it’s encrypted.

I don’t know of any instances where the agencies have defeated encryption through predominantly mathematical means — I mean, via mathematical advances that aren’t known to the wider world. Of course, one reason for me not to know about them is that they’ve effectively kept them secret. But I don’t think anything like this has emerged through reporting of the Snowden documents.

Posted by: Tom Leinster on January 14, 2015 11:16 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Thanks for the replies!

Regarding encryption, one thing the Snowden documents seem to mostly confirm is that the agencies are pretty adept at defeating encryption by getting at the traffic before it is encrypted but they really have no way of defeating encryption if you are using properly implemented end-to-end encryption (except of course by directly hacking into your computer and using one of their myriad TAO exploits, but that would be targeted surveillance as opposed to mass surveillance, which I have much less problems with, for similar reasons as articulated here by Matt Blaze).

Of course, “properly implemented” is key above, but again from the Snowden documents, it seems likely that several free open source tools exist that make your correspondence fully private from them (unless of course, you are already the object of targeted surveillance, where the TAO tools they have can pretty much hack any computer connected to the internet unless you take extreme measures).

The EFF has a useful (by no means definitive) scorecard for various messaging programs here. My personal experience with using Pidgin+OTR and textsecure have both been excellent.

Posted by: Abhishek on January 15, 2015 2:27 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

PS - speaking of cluelessness, I can’t resist reposting this trainwreck. (I gave some context here.)

Incredible to see man who signs off GCHQ mass surveillance clueless about what he's been approving

Posted by: Tom Leinster on January 14, 2015 11:21 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

I’ve only watched the 4 minute speech linked, but in case it’s not obvious to people not involved in technology, there’s crucial distinctions being (possibly deliberately) dropped. In order to learn the content of a phone call between two people I could: 1. Have a physical audio bug in the phone of one of the people; 2. Have audio bugs in the places frequented by one of the people; 3. Have an undercover agent listening nearby while the call is made or told of the calls contents afterwards by a participant. 4. Have a non-agent either present or told of the content and then interview them about it. Etc. Etc. N. Be able to extract the communication in intelligible form whilst in transit. Similar things apply to emails.

The suggestion is being made that if government agents cannot do N, they cannot know the content of the communication. In particular, I’d change Tom’s characterisation above to “make it impossible for two people to communicate without making it easy and very low effort for the government to know the contents.”

I’m actually not opposed to (with a warrant) insertion of physical bugs, etc, while opposed to mandating backdoors in the common communication infrastructure. By not bringing up the technical details, the government seems to be pushing things towards a binary “you’re either with us or with the forces of evil”.

Posted by: dave tweed on January 16, 2015 9:53 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Cryptographer and computer scientist Matthew Green (at Johns Hopkins) has a well-written, expert and highly sceptical response to Wertheimer’s article.

Visiting Green’s blog also reminded me of his nice summary, written just after the stories broke last year, of the intelligence agencies’ abilities to defeat encryption. It begins:

Let me tell you the story of my tiny brush with the biggest crypto story of the year.

and continues:

Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. If the NSA could do this, how might they do it? What would the impact be? I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.

All of this is a long way of saying that I was totally unprepared for today’s bombshell revelations describing the NSA’s efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough.

Posted by: Tom Leinster on January 16, 2015 5:10 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

And here’s another reply to Wertheimer’s article, this one from Ethan Heilman. It links to his own very interesting Brief History of NSA Backdoors.

Posted by: Tom Leinster on January 16, 2015 5:23 PM | Permalink | Reply to this

Re: The AMS Must Justify Its Support of the NSA

Several more responses: Peter Woit is very critical of Wertheimer’s article as being misleading, at least. Le Monde seems to take the article as an admission and apology. Ars Technica recaps.

It makes sense that Wertheimer would apologize for not abandoning the flawed standard as soon as its vulnerability was discovered, if you assume that (1) it was intentionally back-doored but (2) that the NSA believed it to still be impregnable–to anyone else. The revelation of its vulnerability, casting doubt on (2), should have led them to abandon support even if they felt justified in (1). However, as is clear from how le Monde interpreted the current article, that might have been seen as an admission they didn’t want to make.

The question of what sort of intelligence capabilities (such as back doors and upstream taps) should even be permitted to exist is taken up in the CATO unbound debate issue from June. (Basically answering my earlier question.) The last essay by Julian Sanchez makes the excellent point that secret architectures like the ones being discussed are especially susceptible to abuse. For oversight to be effectively enforced there has to be more transparency–which makes intelligence gathering more difficult. Of course we need to find a balance between security and freedom, but there are feedback loops working here. On one hand less security means those vulnerable to attack are less free. On the other hand, in the long term, curtailing freedom will result in oppression, and then security suffers. Witness the past flight of mathematicians from oppressive states to freer ones.

Posted by: stefan on January 27, 2015 10:13 PM | Permalink | Reply to this

Post a New Comment